CYBER BREACHES ARE IN THE NEWS

[News clippings]

HACK BRIEF: HEALTH INSURER EXCELLUS SAYS ATTACKERS BREACHED 10M RECORDS

Data breach exposes 10M health records from New York insurer

Hack of Excellus is the latest in a string of attacks that, experts say, show records are more valuable than credit card numbers on the black market.

Data Breach at UCLA Health Exposes 4.5 Million People's Personal Information
conclusively rule out that possibility," UCLA Health said in a statement.


The breach, which was discovered on May 5, 2015, may date back as fé 
include UCLA Health patients, as well as providers who sought privilege 


"We take this attack on our systems extremely seriously," Dr. James Atk 
president of the UCLA Hospital System, said in a statement. "Our patien 
is a critical part of our commitment to care. We sincerely regret any impe 


"We have taken significant steps to further protect data and strengthen c 


Atkinson added. 


All those affected are being offered one free year of identity theft recove 
Anyone with questions is advised to contact (877) 534-5972. 


attack that "may have 


That's a bit of an unde 
information may have 
birthdates, Social Sec 
Medicare or health pli 
(medical conditions, n 


"At this time, there is 
or acquired the perso 
impacted parts of the 
















Biggest of the 21st century, by the millions

* Equifax: 143m
* Anthem
* JP Morgan Chase
* Home Depot
* Yahoo
* Target Stores
* Adobe
* US Office of Personnel Management (OPM)
* Sony's PlayStation Network
* RSA Security
* Heartland Payment Systems
* TJX Companies, Inc.


WHY FINANCIAL DATA? 















[Image: TIME magazine cover, November 11, 2013: "The Secret Web: Where Drugs, Porn and Murder Hide Online", by Lev Grossman & Jay Newton-Small]

[Screenshot: "Welcome to Darkode" forum index page]

PRICE OF STOLEN DATA

Item                                                 Black market price, $
CVV                                                  2
credit card, stale data                              2-7
fullz                                                3
bank account details                                 5
health credentials                                   10
credit card, market flooded                          10-12
PayPal / eBay account                                27
credit card, freshly acquired                        20-45
spam email list                                      100
'executive' credit card                              8000
zero-day                                             up to 250,000

black market cost of hacking into an account         16-325
average cost to companies per compromised record     194








EXAMPLE OF TRAVELLING DATA

* "A Day in the life of a stolen healthcare record" (Krebs on Security, blogger)
* Did an experiment with Bitglass: released fake healthcare data to see where it ends up
* http://www.bitglass.com/company/news/press_releases/bitglasswheresyourdata
* Within two weeks, viewed more than 1,000 times and downloaded 47 times; some activity had connections to crime syndicates in Nigeria and Russia.


HOW DO WE GET INTO THE DARKWEB? 
EASY








The Invisible Internet Project 
(I2P) 


I2P is an anonymous network, exposing a simple layer that applications 
can use to anonymously and securely send messages to each other. The 
network itself is strictly message based (a la IP), but there is a library 
available to allow reliable streaming communication on top of it (a la TCP). 
All communication is end to end encrypted (in total there are four layers of 
encryption used when sending a message), and even the end points 
("destinations") are cryptographic identifiers (essentially a pair of public 
keys). 


How does it work? 


To anonymize the messages sent, each client application has their I2P 
"router" build a few inbound and outbound "tunnels" - a sequence of peers 
that pass messages in one direction (to and from the client, respectively). In 
turn, when a client wants to send a message to another client, the client 
passes that message out one of their outbound tunnels targeting one of the 
other client's inbound tunnels, eventually reaching the destination. Every 
participant in the network chooses the length of these tunnels, and in doing 
so, makes a tradeoff between anonymity, latency, and throughput according 
to their own needs. The result is that the number of peers relaying each 
end to end message is the absolute minimum necessary to meet both the 
sender's and the receiver's threat model. 


The first time a client wants to contact another client, they make a query 
against the fully distributed "network database" - a custom structured 
distributed hash table (DHT) based off the Kademlia algorithm. This is done 
to find the other client's inbound tunnels efficiently, but subsequent 
messages between them usually includes that data so no further network 
database lookups are required. 


More details about how I2P works are available. 








Anonymity Online 
Protect your privacy. Defend yourself 
against network surveillance and traffic 


analysis. 


Download Tor 


What is Tor? 
Tor is free software and an open network that 
helps you defend against traffic analysis, a 
form of network surveillance that threatens 
personal freedom and privacy, confidential 
business activities and relationships, and state 
security. 



* Tor prevents people from 
learning your location or 
browsing habits. 


* Tor is for web browsers, 
instant messaging clients, 
and more. 


* Tor is free and open 
source for Windows, Mac, 
Linux/Unix, and Android 





Why Anonymity Matters 
Tor protects you by bouncing your 
communications around a distributed network 
of relays run by volunteers all around the 
world: it prevents somebody watching your 
Internet connection from learning what sites 
you visit, and it prevents the sites you visit from 
learning your physical location. 



Family & Friends 

People like you and your family use Tor 
to protect themselves, their children, 
and their dignity while using the 


[Screenshot: Tor Browser "About Tor" start page]

Congratulations!

This browser is configured to use Tor.

You are now free to browse the Internet anonymously.

What Next?

Tor is NOT all you need to browse anonymously! You may need to change some of your browsing habits to ensure your identity stays safe.

* Tips On Staying Anonymous

You Can Help!

There are many ways you can help make the Tor Network faster and stronger:

* Run a Tor Relay Node
* Volunteer Your Services
* Make a Donation

The Tor Project is a US 501(c)(3) non-profit dedicated to the research, development, and education of online anonymity and privacy.
ONCE IN, FIND THE UNDERGROUND SITES

The domains end in .onion, e.g. http://xkclkjsfsdfs.onion

Sigaint.org / http://sigaintevyh2rzvw.onion
Mail2Tor.com / http://mail2tor2zyjdctd.onion
Lelantos.org / http://lelantoss7bcnwbv.onion | paid accounts only, lacking customer support
AnonInbox.net / http://ncikv3idafzwy2dy.onion | paid accounts only
GuerrillaMail.com / http://grrmailb3fxpjbwm.onion
TorBox / http://torbox3uiot6wchz.onion | 100% tor, no clearnet


HOW DO WE SECURE OUR ORGANISATION? 
1) START WITH LEGISLATION, REG, POLICIES AND GUIDELINES





LOOK AT YOUR RISK APPETITE FROM THE BOARD 


EXAMPLE OF FINANCIAL RISK APPETITE 
THE BOARD IS ACCOUNTABLE FOR SECURITY

Boards are appointing CISOs to mitigate this risk.

* Does your organisation have a CISO?
* Does the CISO report to the Board?
  * Why not?
* Does your organisation have a Cybersecurity strategy?





APPROACH TO CYBERSECURITY 


1. Architect with defence in depth.
   * Assume threats will be inside the network.
2. Protect the data
3. Monitor with as much visibility as possible at all layers
4. Protect the un-protectable
5. Segment and segregate
6. Detect and Respond





PROTECT DETECT RESPOND 


1. Architect with defence in depth
   * Assume threats will be inside the network.
2. Firewall, segregate and segment
3. Separate based on risk profiles

PROTECT DETECT RESPOND

1. Get visibility at all layers
   * Deep packet inspection
   * Networks
   * Endpoints
   * Gateways
2. Intelligence
   * Correlate and apply business impact. "What does this mean to our business?"
   * Darknet intelligence. Know before it happens

PROTECT DETECT RESPOND

1. Plan and know what to do when something happens
   * Comms strategy (internal and external)
     * Can you send an email from your CEO/Chairman to all staff globally?
     * Are you ready to deal with the media? Pre-approved holding statements?
     * Respond to your Board and Execs
   * Security awareness and messaging
     * Templates and processes in place to send internal and external messages
     * Is security awareness training part of employee induction or training?
2. Incident response
   * Small (quick 1hr - 1 day investigation) - what happened? How bad is it?
   * Medium (1 day to weeks) - Deeper dive
   * Large (weeks to months/years) - Extremely serious, prosecution





APPLY A RISK-BASED APPROACH TO CYBERSECURITY 
PRIVACY AND SECURITY ASSURANCE FRAMEWORK (PSAF) 


Phase 0: Business Case & Funding (QuickLook)

* Project information
* Information Security Planning Questionnaire & Privacy Impact Assessment (QuickLook)
* Acceptance and endorsement

Phase 1: Planning & Requirements Definition

* Project information
* Change notification
* Confirmation of P0 submission
* P1 Security Risk Assessment Questionnaire
* Acceptance and endorsement

Phase 2: Solution & Service Design

* Project information
* Change notification
* Confirmation of P0 and P1 submission
* P2 Security Risk Assessment Questionnaire
* Annex 2A - Security Compliance Checklist
* Acceptance and endorsement

Phase 3: Solution & Service Build

* Project information
* Change notification
* Confirmation of P0 to P2 submission
* P3 Security Risk Assessment Questionnaire
* Annex 3A* - Security Risk Management Plan
* Annex 3B* - Security Risk Management Plan
* Acceptance and endorsement

Phase 4: Transition & Operation

* Project information
* Change notification
* Confirmation of P0 to P3 submission
* P4 Security Risk Assessment Questionnaire
* Annex 4A*
* Annex 4B*
* Annex 4C
* Annex 4D
* Acceptance and endorsement








SECURITY ASSURANCE STANDARD (SAS)

BASED ON CESG IS1 & 2

* Step 1: Model objects, analyse and catalogue the information assets, define and conduct a business impact assessment
* Step 2: Define the Focus of Interest (FoI)
* Step 3: Conduct a Threat Assessment, identify and assess the Threat Sources and estimate threat levels
* Step 4: Identify and assess the Threat Actors and estimate threat levels
* Step 5: Conduct a Vulnerability Analysis, identify compromise methods and risks, and estimate risk levels
* Step 6: Prioritise and present risks
* Step 7: Mitigation (Risk Treatment Plan)
* Step 8: PSAF Review
* Step 9: Annual Review

www.cesg.gov.uk
RISK TREATMENT

[Figure: risk treatment matrix by Threat Level; legible cell labels: DETER, Medium]

RISK SCORES MAPPING

[Figure: risk scores mapped to Amount of Security required]

EXAMPLE SSC ARCHITECTURE

[Figure: architecture diagram; legible labels: Presentation, Data, Internal, Ancillary]
WHAT IS ON THE CYBER HORIZON?

* Artificial Intelligence - Watching this space last 5 years
* Automation. Decisions without humans
* Fuelled by Machine Learning / Deep Learning - Hinton 2006
* Evolution of our Cyber systems to be Intelligent
* Cyber has a big data set to analyse
Big Data Landscape 2016

[Figure: vendor landscape chart with sections Infrastructure, Analytics and Applications]
Not quite Skynet and Terminator
More at another talk!

THANK YOU

gilbert.verdian@quant.network
07985 770 889

https://twitter.com/gverdian
https://www.linkedin.com/in/gverdian
http://www.gilbertverdian.com